Commit Graph

105 Commits

Author SHA1 Message Date
Jaroslav_ 1ceeb8ddbb
SAN host check (#168)
* Check if host is present in certificates SAN list

* Save .tlsServerHost error as .tlsServerVerification into last error

Co-authored-by: Davide De Rosa <keeshux@gmail.com>
2020-05-09 00:02:16 +02:00
Davide De Rosa 56eda2720e Fix CHANGELOG format 2020-05-08 23:50:03 +02:00
Davide De Rosa 60213bafb8 Fix and improve #169
- Use constants
- Check packet length for OOB read
- Replace assertion with logging
2020-05-08 21:01:36 +02:00
Davide De Rosa 60e6bcdba8 Update OpenSSL to 1.1.1g
Fixes #166
2020-04-21 22:03:08 +02:00
Davide De Rosa 7ba022527c Update CHANGELOG and README 2020-04-19 02:33:44 +02:00
Davide De Rosa 735c1fd7fd Update CHANGELOG 2020-04-18 17:11:39 +02:00
Davide De Rosa d24fe30c7e Update CHANGELOG 2020-04-15 11:22:54 +02:00
Davide De Rosa e8f3d74894 Update CHANGELOG
Fixes #153
2020-04-14 22:57:23 +02:00
Davide De Rosa af9f7f8165 Update CHANGELOG 2020-04-13 17:53:10 +02:00
Davide De Rosa deff855bbc Fix pointers to local buffers 2020-04-05 17:30:17 +02:00
Davide De Rosa 8825a4e9c8 Update CHANGELOG 2020-02-29 19:26:43 +01:00
Davide De Rosa e3241f4f4d Fix potential OOB during negotiation
Reported by @Grivus with SoftEther.

Closes #143
2019-12-22 16:31:57 +01:00
Davide De Rosa 6ae741a310 Refine CHANGELOG
Issue #138 not really fixed, Apple feedback needed.
2019-12-14 10:14:27 +01:00
Davide De Rosa db787268a2 Update CHANGELOG 2019-12-12 18:37:16 +01:00
Davide De Rosa a65682a89a Update CHANGELOG 2019-12-11 16:44:04 +01:00
Davide De Rosa b1c11e3e56 Make --ca and --cipher non-optional in .ovpn
Dodge those annoying scenarios where server cipher is not set
and defaults to BF-CBC, whereas default TunnelKit cipher
is AES-128-CBC. And data channel stalls.
2019-11-20 01:07:39 +01:00
Davide De Rosa 907c8ec00c Set release date
Fixes #123
2019-11-03 03:46:04 +01:00
Davide De Rosa 9c92d1d567 Upgrade OpenSSL to 1.1.1d 2019-11-02 00:21:51 +01:00
Davide De Rosa eabcf39f35 Upgrade OpenSSL to 1.1.0l 2019-10-28 11:11:49 +01:00
Davide De Rosa 4d930d3562 Update CHANGELOG
Fixes #127
2019-10-25 19:08:44 +02:00
Davide De Rosa 74ec321946 Update CHANGELOG 2019-10-22 22:01:04 +02:00
Davide De Rosa 98b9d71eb3 Assume VPN gateway when route gw is "vpn_gateway" 2019-10-22 13:53:36 +02:00
Davide De Rosa 920a84f952 Update CHANGELOG 2019-10-22 11:02:51 +02:00
Davide De Rosa 9619d21d15 Add missing changelog for 2.0.5 2019-09-30 10:28:57 +02:00
Davide De Rosa 93ac2442b3 Set release date 2019-09-06 23:19:52 +02:00
Davide De Rosa 1ab045e413 Update CHANGELOG
Fixes #106
2019-08-23 09:15:59 +02:00
Davide De Rosa a893504b5f Set release date 2019-07-27 00:14:44 +02:00
Davide De Rosa 3577674fd2 Update CHANGELOG
Fixes #104
2019-07-26 23:26:51 +02:00
Davide De Rosa ca517b3075 Add missing changelogs of recent 2.x versions 2019-07-26 21:14:23 +02:00
Davide De Rosa a7a912a0d8 Update CHANGELOG 2019-07-11 18:45:39 +02:00
Davide De Rosa 1dcf4d7745 Shut down abruptly to work around macOS bug
Fixes #111
2019-07-07 23:36:06 +02:00
Davide De Rosa e4f60ddd3a Update GitHub URL in CHANGELOG 2019-05-14 11:17:18 +02:00
Davide De Rosa 05d12a22d1 Update CHANGELOG 2019-05-14 11:16:56 +02:00
Davide De Rosa 97f178cdac Tolerate weak certificates
Lower SSL security level.

Fixes #97
2019-05-05 17:51:24 +02:00
Davide De Rosa 037f08ed62 Retry auth once without local options
Hack around picky server implementations.

Fixes #95
2019-05-01 11:14:52 +02:00
Davide De Rosa 2b41264e48 Set release date 2019-05-01 11:13:27 +02:00
Davide De Rosa ebabf02eb5 Fix DNS in VPN when not default gateway
Awful API requires .matchDomains = [""]

Fixes #94
2019-04-28 10:39:55 +02:00
Davide De Rosa 53c393f2d7 Update CHANGELOG
Fixes #91
2019-04-27 18:24:48 +02:00
Davide De Rosa 212ef481dc Upgrade OpenSSL to 1.1.0j 2019-04-27 10:01:09 +02:00
Davide De Rosa 6fb409b112 Drop UDP packets on no buffer space available
Tolerate only on data channel. Control channel should never reach
high speeds.

Fixes #87
2019-04-25 17:29:10 +02:00
Davide De Rosa b8cd969a1a Fall back to configurable preset DNS servers
Default to CloudFlare 1.1.1.1

Hard time making it work with system DNS servers. Retry later.
2019-04-25 17:18:28 +02:00
Davide De Rosa f95d9ae551 Update CHANGELOG
Fixes #90
2019-04-25 16:02:19 +02:00
Davide De Rosa ef5180a4ed Set tls-auth/crypt timestamp once
Packets rejected due to replay protection.

Fixes #88
Fixes #61
2019-04-23 23:07:32 +02:00
Davide De Rosa c565e32dcd Add "dev-type tun" to local options
Plus other hardcoded options like key-method and tls-client.

Seems that older OpenVPN servers didn't send routing info in
PUSH_REPLY if dev-type is not specified explicitly.

Fixes #86
2019-04-18 13:10:57 +02:00
Davide De Rosa e7a5ce062e Update CHANGELOG 2019-04-17 09:25:49 +02:00
Davide De Rosa 80f5a3250d Update CHANGELOG 2019-04-17 00:26:56 +02:00
Davide De Rosa 322242de5c Fix malformed key generation message
Make nullTerminated argument explicit, easier to debug.

Fixes #67
2019-04-13 23:55:18 +02:00
Davide De Rosa 904e7bae21 Apply proxy settings if present
Fixes #74
2019-04-12 08:21:04 +02:00
Davide De Rosa 3fe9c6de6d Make hostname optional in ConnectionStrategy
Assume preferring resolved addresses.
2019-04-09 20:34:03 +02:00
Davide De Rosa f4683bd337 Update CHANGELOG 2019-04-08 23:28:19 +02:00